# Pomerium Console Environment Variables

The keys listed below can be applied in Pomerium Console's config.yaml file, or applied as environment variables (in uppercase, replacing - with _).

Name Description Default Value
#administrators A list of user ids, names or emails to make administrators. Useful for bootstrapping. none
#audience A list of audiences for verifying the signing key. []
#authenticate-service-url URL for the Authenticate Service. Required for Device Registration. none
#bind-addr The address the Pomerium Console will listen on. :8701
#customer-id The customer ID none
#database-encryption-key The base64-encoded encryption key for encrypting sensitive data in the database. none
#database-url The database Pomerium Enterprise Console will use. postgresql://pomerium:pomerium@localhost:5432/dashboard?sslmode=disable
#databroker-service-url The databroker service URL. http://localhost:5443
#debug-config-dump Dumps the Databroker configuration. This is a debug option to be used only when specified by Pomerium Support. false
#disable-remote-diagnostics Disable remote diagnostics. true
#disable-validation Disable config validation. false
#grpc-addr The address to listen for gRPC on. :8702
#help help for serve false
#license-key Required: Provide the license key issued by your account team. none
#override-certificate-name Overrides the certificate name used for the databroker connection. none
#prometheus-data-dir The path to Prometheus data none
#prometheus-listen-addr When set, embedded Prometheus listens at this address. Set as host:port 127.0.0.1:9090
#prometheus-scrape-interval The Prometheus scrape frequency 10s
#prometheus-url The URL to access the Prometheus metrics server. none
#shared-secret The base64-encoded secret for signing JWTs, shared with OSS Pomerium. none
#signing-key base64-encoded signing key (public or private) for verifying JWTs. This option is deprecated in favor of authenticate-service-url. none
#tls-ca base64-encoded string of tls-ca none
#tls-ca-file file storing tls-ca none
#tls-cert base64-encoded string of tls-cert none
#tls-cert-file file storing tls-cert none
#tls-insecure-skip-verify Disable remote hosts TLS certificate chain and hostname checks. false
#tls-key base64-encoded string of tls-key none
#tls-key-file file storing tls-key none
#use-static-assets When false, forward static requests to localhost:3000. true
Last Updated: 3/17/2022, 4:39:41 PM



Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. Pomerium is a registered trademark.